New access controllers are shipped with "TLS Required". However, previously installed controllers may not be set for TLS. In this case, the access controller is configured to Use TLS Encryption in Elements, but Data Security is not set to "TLS Required" on the controller's web configuration page.